S4-Episode 10: Lessons in Health Privacy: Key Takeaways from 2024
In this episode, Commissioner Patricia Kosseim delves into significant health privacy cases of 2024 with her colleagues from the IPC. The conversation highlights challenges, practical takeaways, and lessons learned from recent cases and investigations under Ontario's Personal Health Information Protection Act. Whether you're a health care provider, privacy professional, or legal expert, this episode is packed with actionable insights you won’t want to miss.
Notes
In this episode, Commissioner Patricia Kosseim delves into significant health privacy cases of 2024 with her colleagues from the IPC. The conversation highlights challenges, practical takeaways, and lessons learned from recent cases and investigations under Ontario's Personal Health Information Protection Act. Whether you're a health care provider, privacy professional, or legal expert, this episode is packed with actionable insights you won’t want to miss.
Episode Highlights:
Ransomware attack on a medical imaging clinic and its implications for privacy and operations [2:28]
LifeLabs cyber attack: joint investigations and key legal outcomes [8:55]
Unauthorized access to patient files: training gaps and remedies [16:39]
Abandoned health records: risks, regulatory actions, and preventative steps [26:02]
Obligations under PHIPA when abandoned records are discovered [31:41]
Key Lessons:
- Proactive approaches to data breaches, including secure backups and notification protocols
- Monitoring dormant accounts and implementing least-privilege access policies
- Importance of privacy training for all staff, including physicians, on an annual basis
- Clear policies on patient privacy and deemed uses of personal health information
- Succession planning to ensure records aren’t abandoned in events like closures or retirements
Resources:
- PHIPA Decision 249
- PHIPA Decision 260
- PHIPA Decision 221
- PHIPA Decision 230
- LifeLabs 2020 Investigation Report
- How to Protect Against Ransomware
- Responding to a Health Privacy Breach: Guidelines for the Health Sector
- Succession Planning to Help Prevent Abandoned Records
- Stamping out snooping once and for all (blog)
- Artificial intelligence in health care: Balancing innovation with privacy (Info Matters podcast episode with Dr. Devin Singh)
- Unmasking digital threats: How to guard against cyber crime (Info Matters podcast episode with Jason Besner, Director of Partnerships at the Canadian Centre for Cyber Security)
- From the bedside to the board: Building a culture of privacy and security in health institutions (Info Matters podcast episode with The Ottawa Hospital’s Chief Information Officer, Shafique Shamji, and Chief Privacy Officer, Nyranne Martin)
- IPC Strategic Priorities 2021-2025
Info Matters is a podcast about people, privacy, and access to information hosted by Patricia Kosseim, Information and Privacy Commissioner of Ontario. We dive into conversations with people from all walks of life and hear stories about the access and privacy issues that matter most to them.
If you enjoyed the podcast, leave us a rating or a review.
Have an access to information or privacy topic you want to learn more about? Interested in being a guest on the show? Post @IPCinfoprivacy or email us at @email.
